CVE-2026-31789
- EPSS 0.23%
- Veröffentlicht 07.04.2026 22:16:21
- Zuletzt bearbeitet 12.05.2026 13:17:34
Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code executi...
CVE-2026-31790
- EPSS 0.98%
- Veröffentlicht 07.04.2026 22:16:21
- Zuletzt bearbeitet 12.05.2026 13:17:34
Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the p...
CVE-2026-28386
- EPSS 0.31%
- Veröffentlicht 07.04.2026 22:16:20
- Zuletzt bearbeitet 24.04.2026 18:28:21
Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may tri...
CVE-2026-28387
- EPSS 0.63%
- Veröffentlicht 07.04.2026 22:16:20
- Zuletzt bearbeitet 12.05.2026 13:17:33
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use aft...
CVE-2026-28388
- EPSS 0.89%
- Veröffentlicht 07.04.2026 22:16:20
- Zuletzt bearbeitet 12.05.2026 13:17:33
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which ...
CVE-2026-2673
- EPSS 0.44%
- Veröffentlicht 13.03.2026 13:23:00
- Zuletzt bearbeitet 05.06.2026 19:48:51
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may...
CVE-2026-22795
- EPSS 0.14%
- Veröffentlicht 27.01.2026 16:16:35
- Zuletzt bearbeitet 12.05.2026 13:17:32
Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on mem...
CVE-2026-22796
- EPSS 0.5%
- Veröffentlicht 27.01.2026 16:16:35
- Zuletzt bearbeitet 12.05.2026 13:17:32
Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing mal...
CVE-2025-69419
- EPSS 0.44%
- Veröffentlicht 27.01.2026 16:16:34
- Zuletzt bearbeitet 12.05.2026 13:17:26
Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: T...
CVE-2025-69420
- EPSS 0.77%
- Veröffentlicht 27.01.2026 16:16:34
- Zuletzt bearbeitet 12.05.2026 13:17:26
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed...